Get a thorough understanding of ISO 27000 standards for information security governance, and how to leverage the ISO 27000 standards to establish and maintain an information security management system (ISMS) program.

Then build-out the initial ISO-conforming information security program policy documents right in class!

ISO 27001 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof. This ISO standard is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.

This 5-day ISO 31000 and ISO 27001 training and certification workshop provides thorough coverage of the ISO 31000 and ISO 27000 standards, as well as setting out advice on the implementation of an information security initiative. The purpose of the course is to:

Describe the principles and processes of information security governance and management;

Provide thorough coverage of the requirements of ISO 31000 and ISO 27001;

Establish a firm program starting point by using ISO 31000, ISO 31010, and ISO 27005 to establish the risk program driving information security, and then learn to leverage ISO 27001 and ISO 27002 to build out the initial Information Security Management core policy. Soft-copy editable templates are provided in class.